Hacker News new | past | comments | ask | show | jobs | submit
tialaramex | on: Let's Encrypt bans certificate usage in any US sanctioned territory [pdf]
> Has letsencrypt been served with a subpoena?

While it's certainly possible that ISRG has been served a subpoena because it appears the US DOJ is now a mix of hacks and incompetent buffoons, it wouldn't matter because the whole point is that they don't know anything - what you told them is literally logged publicly for everybody to see without even knowing how to spell "subpoena" let alone issue one.

Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena - but the whole fucking point of a Public Key Infrastructure is that we're using Public Key Encryption, if we were OK with everybody having secrets all over the place this entire thing wouldn't be needed.

basilikum | parent | next
They have the secret of the private keys used to sign certificates.

Looking at LavaBit^1 I really would not be so comfortable. The world and especially the US has not gotten more free since then.

[1]https://en.wikipedia.org/wiki/Lavabit

tialaramex | root | parent
They could mint certificates, for / about any name. But, those certificates won't work in popular applications unless the certificates include proof of logging.

So to be effective this means a hypothetical bad actor (maybe the US government or anybody else) issues bogus certificates, then either logs them - making a permanent record for everybody to see, or also subverts two or more logs, so that they issue bogus proofs.

This is a very expensive one shot attack on whatever the target would be, I guess it's not stupider than "Let's bomb Iran for no good reason" but it's up there.

basilikum | root | parent
For the vast majority of cases, would anyone notice these malicious certificates being created and logged?
toast0 | root | parent | next
I don't subscribe for my personal domains, because who cares, but when I was in charge of certificates for something important I subscribed to notifications from several providers to make sure I didn't miss anything.

I would like to think at least all the high profile destinations have someone watching.

loading story #48467506
nickf | root | parent
For any target of sufficient value that a government would do that, yes. Of course it doesn't happen anyway, because governments don't have some kind of secret access to CAs.
toast0 | parent
> Some people have this insane idea that somehow the CA has some secret which either they minted and sent to the CA, or the CA minted and gave them a copy and so the US government could get this secret with a subpoena

LetsEncrypt certainly doesn't, but I've seen certificate storefronts that generate the key on their side and provide you the key and the certificate, so you don't have to figure out how to generate a key.

tialaramex | root | parent
The Certificate Authorities are specifically forbidden from doing this because it's so obviously a terrible idea. Many of them also require that their resellers (obviously Let's Encrypt basically doesn't have resellers because that's stupid) also do not do this because it's a terrible idea.

But yes, you're correct that, especially when "cheap SSL" was a thing, outfits which did this really existed. In fact one of the companies which did this, and then deliberately revealed customer keys, resulting in all the affected certificates being revoked, isn't even bankrupt so apparently their customers are so stupid than they're still paying money for a service that's much worse than useless. Not an optimistic thought about humanity.